Who should take this exam?
Candidates for this exam secure Windows Server 2016 environments. Candidates are familiar with the methods and technologies used
to harden server environments and secure virtual machine infrastructures using Shielded and encryption-supported virtual machines
and Guarded Fabric.

Candidates manage the protection of Active Directory and Identity infrastructures and manage privileged identities using Just in
Time (JIT) and Just Enough Administration (JEA) approaches, as well as implement Privileged Access Workstations (PAWs) and secure
servers using the Local Administrator Password Solution (LAPS).

Candidates should also be able to use threat detection solutions such as auditing access, implementing Advanced Threat Analytics (ATA),
deploying Operations Management Suite (OMS) solutions, and identifying solutions for specific workloads.

QUESTION 2Note: Thb question Is part of a series of questions that present the same scenario. Each question In the series contains a unique solution that might meet thestated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you willNOTbeabletorrturntoit.Asa result, these questions will not appear in the review screen.Your network contains an Active Directory domain named contoso.com. The domain contains multiple Hyper-V hosts.You need to deploy several critical line-of-business applications to the network to meet the following requirements:*The resources of the applications must be isolated from the physical host*Each application must be prevented from accessing the resources of the other applications.*The configurations of the applications must be accessible only from the operating system that hosts the application.Solution: You deploy one Windows container to host all of the applications.Does this meet the goal?A. YesB. NoCorrect Answer: AExplanation

QUESTION 3Your network contains two single-domain Active Directory forests named contoso.com and contosoadmin.com. Contosoadmin.com contains all of the useraccounts used to manage the servers in contoso.com.You need to recommend a workstation solution that provides the highest level of protection from vulnerabilities and attacks.What should you include in the recommendation?A. Provide a Privileged Access Workstation (PAW) for each user account in both forests.Join each PAW to the contoso.com domain.B. Provide a Pnvileged Access Workstation (PAW) for each user in the contoso.com forest Join each PAW to the contoso.com domain.C. Provide a Pnvileged Access Workstation (PAW) for each administrator. Join each PAW to the contoso.com domain.D. Provide a Pnvileged Access Workstation (PAW) for each administrator. Join each PAW to the contosoadmin.com domain.Correct Answer: BExplanation

QUESTION 4Note: This question b part of a series of questions that use the same or simitar answer choices. An answer choice may be correct for more than one question inthe series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.Your network contains an Active Directory domain named contoso.com The domain contains a server named Server1 that runs Windows Server 2016.Server1 has a shared folder named Share1.You need to ensure that all access to Share1 uses SMB Encryption.Which tool should you use?A. File ExplorerB. Shared FoldersC. Server ManagerD. Disk ManagementE. Storage ExplorerF. Computer ManagementG. System ConfigurationH. File Server Resource Manager (FSRM)>Correct Answer: CExplanation

QUESTION 5Note: This question is port of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question Inthe series. Each question is Independent of the other questions In this series. Information and details provided in a question apply only to that question.Vour network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016 and aNano Server named Nano1.Nano1 has two volumes named C and D.You are signed in to Server1.You need to configure Data Deduplication on Nano1.Which tool should you use?A. File ExplorerB. Shared FoldersC. Server ManagerD. Disk ManagementE. Storage ExplorerF. Computer ManagementG. System ConfigurationH. File Server Resource Manager (FSRM)Correct Answer: AExplanation

QUESTION 6Note: Thts question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet thestated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question In this section, you will NOT be able to return to It. As a result, these questions will not appear in the review screen.Your network contains an Active Directory domain named contoso.com. The domain contains a computer named Computer1 that runs Windows 10. Computer1connects to a home network and a corporate network.The corporate network uses the 172.16.0.0/24 address space internally.Computerl runs an application named App1 that listens to port 8080.You need to prevent connections to App1 when Computer1 is connected to the home network.Solution: From Windows Firewall in the Control Panel, you add an application and allow the application to communicate through the firewall on a Private network.Does this meet the goal?A. YesB. NoCorrect Answer: BExplanation

QUESTION 7Windows Firewall rules can be configured using PowerShell.The “Set-NetFirewallProfile” cmdlet configures settings that apply to the per-profile configurations of the Windows Firewall with Advanced Security.What is the default setting for the AllowInboundRules parameter when managing a GPO?A. FALSEB. NotConfiguredCorrect Answer: BExplanationExplanation/Reference:Explanation: The default setting when managing a computer is True. When managing a GPO, the default setting is NotConfigured. The NotConfigured value isonly valid when configuring a Group Policy Object (GPO). This parameter removes the setting from the GPO, which results in the policy not changing the value onthe computer when the policy is applied.

QUESTION 8Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1.Server1 is configured as shown in the following table.

QUESTION 9Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each questionpresents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.Start of repeated scenarioYour network contains an Active Directory domain named contoso.com. The functional level of the forest and the domain is Windows Server 2008 R2.The domain contains the servers configured as shown in the following table.

All servers run Windows Server 2016. All client computers run Windows 10.You have an organizational unit (OU) named Marketing that contains the computers in the marketing department You have an OU named Finance that containsthe computers in the finance department You have an OU named AppServers that contains application servers. A Group Policy object (GPO) named GP1 is linkedto the Marketing OU. A GPO named GP2 is linked to the AppServers OU.You install Windows Defender on Nano1.End of repeated scenarioYou need to ensure that the marketing department computers validate DNS responses from adatum.com.Which setting should you configure in the Computer Configuration node of GP1?A. TCPIP Settings from Administrative TemplatesB. Connection Security Rule from Windows SettingsC. DNS Client from Administrative TemplatesD. Name Resolution Policy from Windows SettingsCorrect Answer: DExplanation

QUESTION 10Note: This question Is part of a series of questions that present the same scenario. Each question In the series contains a unique solution that might meet thestated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to It, As a result, these questions will not appear in the review screen.Your network contains an Active Directory domain named contoso.com. The domain contains multiple Hyper-V hosts.You need to deploy several critical line-to-business applications to the network to meet the following requirements:*The resources of the applications must be isolated (rom the physical host.*Each application must be prevented from accessing the resources of the other applications.*The configurations of the applications must be accessible only from the operating system that hosts the application.Solution: You deploy a separate Hyper-V container for each application.Does this meet the goal?A. YesB. NoCorrect Answer: AExplanation

QUESTION 11Windows PowerShell is a task-based command-line shell and scripting language designed especially for system administration.Windows Defender comes with a number of different Defender-specific cmdlets that you can run through PowerShell to automate common tasks.Which Cmdlet would you run first if you wanted to perform an offline scan?A. Start-MpWDOScanB. Start-MpScanC. Set-MpPreference -DisableRestorePoint $trueD. Set-MpPreference -DisablePrivacyMode $trueCorrect Answer: AExplanationExplanation/Reference:Explanation: Some malicious software can be particularly difficult to remove from your PC. Windows Defender Offline (Start-MpWDOScan) can help to find andremove this using up- to-date threat definitions.

QUESTION 12Vout network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2016.The domain contains a server named Serverl that has Microsoft Security Compliance Manager (SCM) 4.0 installed.You export the baseline shown in the following exhibit.

You have a server named Server2 that is a member of a workgroup.You copy the (2617e9b1-9672-492b-aefa-0505054848c2) folder to Server2.You need to deploy the baseline settings to Server2.What should you do?A. Download, install, and then fun the Lgpo.exe command.B. From Group Policy Management import a Group Policy object (GPO).C. From Windows PowerShell, run the Restore-GPO cmdlet.D. From Windows PowerShell, run the Import-GPO cmdlet.E. From a command prompt run the secedit.exe command and specify the /import parameter.Correct Answer: DExplanation

QUESTION 13Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet thestated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2016. All client computers run Windows 10.The relevant objects in the domain are configured as shown in the following table.

You need to assign User1 the right to restore files and folders on Server1, and Server2.Solution: You add User1 to the Backup Operators group in contoso.com.Does this meet the goal?A. YesB. NoCorrect Answer: AExplanation

QUESTION 14Your network contains an Active Directory domain named contoso.com.You are deploying Microsoft Advanced Threat Analytics (ATA) to the domain.You install the ATA Center on server named Server1 and the ATA Gateway on a server named Served.You need to ensure that Server2 can collect NTLM authentication events.What should you configure?A. the domain controllers to forward Event ID 4776 to Server2B. the domain controllers to forward Event ID 1000 to Server1C. Server2 to forward Event ID 1026 to Server1D. Server1 to forward Event ID 1000 to Server2Correct Answer: AExplanation

QUESTION 15Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each questionpresents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.Start of repeated scenarioYour network contains an Active Directory domain named contoso.com. The functional level of the forest and the domain is Windows Server 2008 R2.The domain contains the servers configured as shown in the following table.

All servers run Windows Server 2016. All client computers run Windows 10.You have an organizational unit (OU) named Marketing that contains the computers in the marketing department. You have an OU named Finance that containsthe computers in the finance department. You have an OU named AppServers that contains application servers. A Group Policy object (GPO) named GP1 islinked to the Marketing OU. A GPO named GP2 is linked to the AppServers OU.You install Windows Defender on Nano1.End of repeated scenarioYou need to ensure that you can deploy a shielded virtual machine to Server4.Which server role should you deploy?A. Hyper-VB. Device Health AttestationC. Network ControllerD. Host Guardian ServiceCorrect Answer: AExplanation

QUESTION 16Note: This question is part of a scries of questions that present the same scenario. Each question In the series contains a unique solution that might meet thestated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question In this section, you will NOT be able to return to It. As a result, these questions will not appear In the review screen.Your network contains an Active Directory domain named contoso.com. The domain contains mulbple Hyper-V hosts.You need to deploy several critical line-of-business applications to the network; to meet the following requirements:*The resources of the applications must be isolated from the physical host.*Each application must be prevented from accessing the resources of the other applications.*The configurations of the applications must be accessible only from the operating system that hosts the application.Solution: You deploy a separate Windows container for each application.Does this meet the goal?A. YesB. NoCorrect Answer: AExplanation

QUESTION 17Note: This question b part of a series of questions that present the same scenario. Each question In the series contains a unique solution that might meet thestated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear In the review screen.Your network contains an Active Directory domain named contow.com. All servers run Windows Server 2016. All client computers run Windows 10.The relevant objects in the domain are configured as shown in the following table.

You need to assign User1 the right to restore files and folders on Server1 and Server2.Solution: You create a Group Policy object (GPO), link it to the Operations Users OU, and modify the Users Rights Assignment in the GPO.Does this meet the goal?A. YesB. NoCorrect Answer: BExplanation

QUESTION 18Note: The question is part of a series of questions th?present the same scenario. Each question In the series contains a unique solution that might meet the statedgoals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to It. As a result, these questions will not appear in the review screen.Your network contains an Active Directory forest named contoso.com. All servers run Windows Server 2016. The forest contains 2,000 client computers that runWindows 10. All client computers are deployed from a customized Windows image.You need to deploy 10 Privileged Access Workstations (PAWs). The solution must ensure that administrators can access several client applications used by allusers.Solution: You deploy 10 physical computers and configure them as PAWs. You deploy 10 additional computers and configure them by using the customizedWindows image.Does this meet the goal?A. YesB. NoCorrect Answer: AExplanation

QUESTION 19Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2016.The services on Server1 are shown in the following output.

Rule1 and Rule2 are configured a$ shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

ExplanationExplanation/Reference:

QUESTION 20You plan to deploy three encrypted virtual machines that use Secure Boot. The virtual machines will be configured as shown in the following table.

QUESTION 22Your network contains two Active Directory forests named contoso.com and adatum.com.Contoso.com contains a Hyper-V host named Server1. Server1 is a member of a group named HyperHosts. Adatum.com contains a server named Server2.Server1 and Server2 run Windows Server 2016.Contoso.com trusts adatum.com.You plan to deploy shielded virtual machines to Server1 and to configure Admin-trusted attestation on Server2.Which component should you install and which cmdlet should you run on Server2? To answer, select the appropriate options in the answer area.

ExplanationExplanation/Reference:

QUESTION 23Note: This question is part of a series of questions that use the same scenario. For your convenience, the scenario is repeated in each question. Each questionpresents a different goal and answer choices, but the text of the scenario is exactly the same in each question in this series.Start of repeated scenarioYour network contains an Active Directory domain named contoso.com. The functional level of the forest and the domain is Windows Server 2008 R2.The domain contains the servers configured as shown in the following table.

All servers run Windows Server 2016. All client computers run Windows 10.You have an organizational unit (OU) named Marketing that contains the computers in the marketing department. You have an OU named Finance that containsthe computers in the finance department. You have an OU named AppServers that contains application servers.A Group Policy object (GPO) named GP1 is linked to the Marketing OU. A GPO named GP2 is linked to the AppServers OU.You install Windows Defender on Nano1.End of repeated scenarioYou need to ensure that you can implement the Local Administrator Password Solution (LAPS) (or the finance department computers.What should you do in the contoso.com forest? To answer, select the appropriate options in the answer area.

ExplanationExplanation/Reference:

QUESTION 24Your network contains an Active Directory domain named adatum.com. The domain contains a file server named Server1 that runs Windows Server 2016.You have an organizational unit (OU) named OU1 that contains Server1.You create a Group Policy object (GPO) named GPO1 and link GPO1 to OU1.A user named User1 is a member of group named Group1. The properties of User1 are shown in the User1 exhibit (Click the Exhibit button.)

From Auditing Entry for Global File SACL, you configure the advanced audit policy settings in GPO1 as shown in the SACL exhibit (Click the Exhibit button.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

ExplanationExplanation/Reference:

QUESTION 25Your network contains an Active Directory domain named contoso.com.You have an organizational unit (OU) named Secure that contains all servers.You install Microsoft Security Compliance Manager (SCM) 4.0 on a server named Server1.You need to export the SCM Pnnt Server Secunty baseline and to deploy the baseline to a server named Server2.What should you do? To answer, select the appropnate options in the answer area.

ExplanationExplanation/Reference:

Conclusion:Maeeonline has been doing free and effective content to help more people improve their skills, the latest update free 25 Microsoft MCSE 70-744 exam dumps with 70-744 PDF to help you easily practice testing online, free content to help you open the door to learning, If you want to pass 70-744 exam at one times, select: https://www.pass4itsure.com/70-744.html (Q&As:176). Pass4itsure offers PDF + VCE two modes to help you learn easily.